REMARKS/ARGUMENTS 



In response to the Examiner's objection to the Abstract as being too long, Applicant has 
provided an amended Abstract which meets the requirements of 37 CFR 1.72(b). 

In response to the Examiner's objection to Figures 1, 2 and 3, Applicant has attached 
herewith replacement drawings in which the lines are uniform and solid. 

The Examiner has rejected claims 1-9, 11, 13-21 and 23 under 35 USC 102(e) as being 
anticipated by Hayden (US 6,018,771). Applicant respectfully disagrees for the reasons that 
follow. 

As specified in the title, Applicant's invention applies to protecting the Internet, which is 
an IP based WAN with hundreds of millions of computer hosts all interconnected through IP 
protocols at the network and transport layers. The system relies on existing IP protocols, 
including routing protocols through conventional border routers. The key feature of Applicant's 
invention is that it relies on the use of rapidly changing IP based multicast addresses in a hopping 
sequence known only to the receiving and transmitting stations, which are topologically 
distributed within the Internet. The hopping sequence of rapidly changing multicast addresses 
and the time slots at which these addresses are used are known only to the transmitting and 
receiving stations. The sequence is selected or generated, usually through a defined 
cryptographic process, such that to an outside attacker there is no obvious predictable sequence 
of addresses and time slots. Since the IP multicast protocol is based on a subscriber or "pull" 
protocol rather than the "push" protocol used for unicast, it is very difficult for an attacker to 
flood a site, since he must know the sequence and timing for the multicast addresses. This system 
is analogous to frequency hopping spread spectrum anti-jamming radio systems. 
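The hopping scheme described above, as an added illustration that is not part of the application or its claims: a transmitter and its subscribers share a key and a session epoch, derive the multicast group for each time slot with a keyed hash, and a subscriber only accepts traffic addressed to the group of the current slot. HMAC-SHA256 as the "defined cryptographic process", the two-second slot, the 224.0.1.0 to 239.255.255.255 address pool and all function names are assumptions made for this example; the application does not fix any of them.

```python
import hashlib
import hmac
import ipaddress

# Constructed parameters for this illustration; the application does not fix these values.
SLOT_SECONDS = 2                                            # how long each hop address stays in use
GROUP_LOW = int(ipaddress.IPv4Address("224.0.1.0"))         # first address of the hopping pool (assumption)
GROUP_HIGH = int(ipaddress.IPv4Address("239.255.255.255"))  # last address of the hopping pool (assumption)
POOL_SIZE = GROUP_HIGH - GROUP_LOW + 1


def slot_index(now: float, epoch: float, slot_seconds: int = SLOT_SECONDS) -> int:
    """Map a wall-clock time to a hop slot number.

    Transmitter and subscribers share `epoch` (the start of the session) and
    keep their clocks loosely synchronised, as in frequency hopping radio.
    """
    return int((now - epoch) // slot_seconds)


def hop_address(key: bytes, session_id: bytes, slot: int) -> ipaddress.IPv4Address:
    """Derive the multicast group address used during `slot`.

    HMAC-SHA256 keyed with the shared secret is the assumed cryptographic
    process: any station holding `key` reproduces the sequence, while an
    observer who has only seen earlier addresses cannot predict the next one.
    """
    msg = session_id + slot.to_bytes(8, "big", signed=True)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big") % POOL_SIZE
    return ipaddress.IPv4Address(GROUP_LOW + offset)


def hop_schedule(key: bytes, session_id: bytes, first_slot: int, count: int) -> list:
    """The groups a station will transmit to (or subscribe to) for `count` consecutive slots."""
    return [hop_address(key, session_id, s) for s in range(first_slot, first_slot + count)]


def is_expected_group(key: bytes, session_id: bytes, dst: str,
                      now: float, epoch: float, skew_slots: int = 1) -> bool:
    """Subscriber-side check: does an arriving packet's destination group match
    the current slot, tolerating `skew_slots` of clock drift either way?

    Traffic to any other group is not part of the session and is dropped
    without further processing.
    """
    current = slot_index(now, epoch)
    candidates = {hop_address(key, session_id, s)
                  for s in range(current - skew_slots, current + skew_slots + 1)}
    return ipaddress.IPv4Address(dst) in candidates


if __name__ == "__main__":
    # Constructed session: a 256-bit shared key and a session identifier agreed out of band.
    key = bytes(range(32))
    session = b"example-session"
    epoch = 1_000_000.0
    t = epoch + 9.5  # a moment inside slot 4

    # Transmitter and subscriber each compute the same next five groups.
    print("schedule:", [str(a) for a in hop_schedule(key, session, slot_index(t, epoch), 5)])

    # A packet to the current group is accepted; one to an unrelated group is dropped.
    current_group = str(hop_address(key, session, slot_index(t, epoch)))
    print("in-session packet accepted:", is_expected_group(key, session, current_group, t, epoch))
    print("stray packet accepted:", is_expected_group(key, session, "224.0.1.1", t, epoch))

    # A party holding a different key computes an unrelated sequence.
    print("outsider's guess:", hop_address(bytes(32), session, slot_index(t, epoch)))
```

The subscriber joins the group for the upcoming slot shortly before it begins and leaves the previous one after the skew window closes, so at any moment only the groups of a few adjacent slots carry session traffic; a flood sent to a guessed group reaches nobody who has subscribed to it.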

Applicant has amended the claims to emphasize that the multicast address hopping 
technique provides rapidly changing multicast addresses to specified subscribers such that any 
potential attacker is unable to successfully disrupt or monitor traffic between end stations. In 
claim 1, for example, Applicant has indicated that a multicast address hopping method is being 
claimed in which the multicast address hopping scheme is known only to transmitter and 
subscriber end stations within the multicast group. Further, the multicast address hopping scheme 
is initiated by a cryptographic key. 

The Examiner has relied heavily on the Hayden reference to support both the novelty and 
obviousness objections raised. It must be emphasized from the outset that Hayden is not even 
remotely concerned with preventing denial of service attacks or Internet security generally, both 
of which are the focus of Applicant's invention. Further, Hayden does not provide a multicast 
address hopping technique in which unsubscribed users are not privy to the address hopping 
scheme. Hayden specifically relates to the dynamic assignment, deassignment, and 
reassignment of a common pool of allocated multicast addresses to multiple users for varying 
data streams (see col. 7, lines 65 and 66). This patent is concerned with the ability to share a 
limited pool of available multicast addresses among multiple users in a publicly advertised 
fashion (see col. 2, lines 44 to 60). Furthermore, this patent applies to link or physical layer 
multicast addressing on a Local Area Network (LAN), not multicast on an Internet Protocol (IP) 
based Wide Area Network (WAN). Applicant notes that there are normally a limited number 
of multicast addresses available at the physical and link level which are used in a LAN 
(depending on any subnet masking scheme). This is not the case for IP based networks, where 
there are over 130 million potential multicast addresses available. Hayden is only applicable to a 
LAN and would not work in the IP WAN topology associated with the present invention. As 
highlighted at col. 1, line 58 and col. 3, lines 18 to 34, Hayden specifically references a LAN and 
LAN protocols respectively. This is further evidenced by the description of the network structure 
at col. 3, lines 20 to 23. Hayden does not refer to IP multicast protocols, including WAN 
protocols, despite the fact that such protocols were known at the time of the application, as 
evidenced by the publicly available "Request for Comment (RFC) 1112 Host Extensions for IP 
multicasting, S. Deering, Stanford University, dated August 1989". Applicant also notes that the 
Hayden application was originally made in 1992, before IP networking was widely used. In 
short, adapting the LAN system of Hayden to an IP WAN environment is a non-trivial task 
requiring inventive ingenuity beyond simple workshop engineering. More specifically, the 
Hayden system would not scale to a WAN because, for example, it would not be possible to 
have the process described at col. 4, lines 26 to 65 work on an IP based WAN, since it would be 
impossible to have every client on the Internet able to monitor all announcement packets of every 
multicast server on the Internet due to the sheer volume of traffic and processing power required. 
This is why the IP multicast protocols described in RFC 1112 mentioned above were developed 
and are implemented within IP WANs. 

With respect to the portions of the description cited by the Examiner, Applicant 
respectfully submits that the Examiner has misunderstood the invention disclosed in Hayden. Col. 
1, lines 65-67 and col. 2, lines 1-20 refer to dynamic address allocation, not a predetermined 
scheme known only to end stations. Further, col. 2, lines 8-35 highlights that the dynamic address 
allocation system of Hayden relies on a public announcement scheme to advertise, not hide, the 
addresses in use. Still further, col. 2, lines 44-57, referred to by the Examiner, deals with the reuse of 
multicast addresses by varying addresses that are not in use, not the deliberate varying of the 
address to prevent attacks. 

In light of the above, Applicant respectfully requests reconsideration and removal of the 35 
USC 102(e) rejection. 

The Examiner has rejected claims 10 and 22 under 35 USC 103(a) as being unpatentable 
over Hayden in view of Caronni (US 6,049,878). Applicant respectfully disagrees for the reasons 
that follow. 

Caronni deals specifically with a method for the management and distribution of group 
keys to encrypt individual datagrams or packets used in a multicast network, for example the IP 
based Internet. Group keys are needed when there are multiple recipients for transmission of 
encrypted data from a source. Caronni is concerned with the confidentiality aspects of 
protection of data through encryption, not with the protection of the availability of data against 
Denial of Service attacks as described in the present application. Specifically, Caronni at col. 7, 
lines 40-52 describes the preferred use of a dedicated unicast link (that is, a physical link 
separate from the actual network using the secure multicast system described by Caronni). This 
link would be used to securely send new keys so that the keys are not subject to eavesdropping 
or other types of attacks (e.g. Man in the Middle) during transit on a publicly accessible network, 
e.g. the Internet. Caronni describes a method to eliminate keys to prevent replay attacks at col. 9, 
lines 57-65, but the reference to attacks here does not deal with denial of service attacks as 
described in the present application but refers rather to replay attacks, whereby an encrypted 
packet is captured by an attacker, stored for a period of time, then replayed in the hope that the key 
is still valid and the packet will be decrypted and delivered to the destination a second time, 
which can cause various detrimental effects. Caronni does not describe a method of identifying 
and filtering unicast datagrams implementing a denial of service attack (e.g. a packet storm 
clogging the physical communication link) on a site through the network. It describes the use of 
a separate physical link (e.g. a dial-up telephone link) to protect the keys from active attack. The 
present application does not claim the key distribution or packet encryption technology. 

When the comments relating to Hayden are considered in light of the comments relating 
to Caronni, Applicant submits that the combination of Hayden and Caronni does not make 
Applicant's invention as claimed in claims 10 and 22 obvious. Reconsideration and removal of 
the 35 USC 103(a) objection is respectfully requested. 

The Examiner has rejected claims 12 and 24 under 35 USC 103(a) as being unpatentable 
over Hayden in view of Li (US 6,606,706). Applicant respectfully disagrees for the reasons that 
follow. 

Li is concerned with cryptographically separating multicast traffic in a hierarchical 
system to create separate security domains. It does describe the use of border routers; however, 
Applicant notes that these are not conventional border routers running standard IP multicast 
routing protocols as used in the present application, but are more correctly referred to as "security 
domain border routers", which in effect are not conventional "border routers" but contain 
specialized functionality, likely implemented in a special device. These devices, as described in 
Li col. 2, lines 28-48, implement a tunneling protocol to allow encrypted multicast packets to 
traverse a lower level security domain. This specialization is highlighted in Li at col. 12, lines 42- 
67 and col. 13, lines 1-12. These "security domain border routers" are not concerned with 
efficient routes but rather the correct security of the multicast security domains, and would use 
the underlying conventional multicast protocols on the conventional "border routers" to perform 
efficient routing. 

When the comments relating to Hayden are considered in light of the comments relating to 
Li, Applicant submits that the combination of Hayden and Li does not make Applicant's invention 
as claimed in claims 12 and 24 obvious. Reconsideration and removal of the 35 USC 103(a) 
objection is respectfully requested. 

It is also worth noting that the inventions of Caronni and Li are applicable to the Internet 
while, as already discussed, Hayden is applicable to a Local Area Network. Applicant submits that 
there is no motivation to combine these references, since one skilled in the art would not look 
to combine LAN technology with Internet technology to achieve Applicant's invention. 

Based on the above-noted arguments and amendments, Applicant submits that the application 
is now in good order and ready for allowance. 



Cassan Maclean 
80 Aberdeen Street 
Ottawa, Ontario 
K1S 5R5 
February 6, 2004 

Respectfully submitted, 
Shawcross, Charles 

Allan Millard 
Reg. 43,397 
Tel. 1-613-238-6404 



Page 12 of 13 

PAGE 12/16 RCVD AT 2/6/2004 3:50:40 PM [Eastern Standard Time] SVR:USPTO-EFXRF-1/4 DNIS:8729306 CSID:613 230 8755 DURATION (mm-ss):04-60 

FEB.06'2004 15:29 613-230- CASSAN MACLEAN #3346 P. 013 

APPENDIX 

This Page Blank (uspto) 

Page 13 of 13 